The short video log that follows was prepared to answer a question raised in the Forum on the ForgeRock Community Website. It’s an easy one on how to configure two separate BaseDNs of single ForgeRock OpenDJ instance as Identity Repository for two separate Realms in ForgeRock OpenAM.
Enjoy!
This update could be considered a variant of an earlier post around ForgeRock OpenIG. And it’s highly recommended you watch my screen-cast on ‘OpenIG Authentication From File DataStore’ (or the blog update mentioned above) before viewing the video embedded below. As always, for making the video demonstrations that you see below, I just followed the neat instruction from the ForgeRock documentation.
An illustration below for giving you an idea of what’s in store in my 8 minute video:
And here’s quick explanation on what’s happening:
step (1) OpenIG intercepts your browser’s HTTP GET request. The request matches the new route configuration (“/sql”)
Step (2) The OpenIG ‘SQLAttributesFilter’ looksup credentials for ‘sholmes@example.com’ in the H2 database
step (3) The ‘SQLAttributesFilter’ stores the credentials fetched in step 2 in Exchange
step (4) The ‘StaticRequestFilter’ retrieves the credentials from Exchange, replaces the original HTTP GET request with HTTP POST login that contains the credentials to authenticate
step (5) OpenIG now sends HTTP POST to the Application (listening on port 8081)
Step (6) The application (on port 8081) validates the authentication credentials and sends the response to OpenIG
step (7) The OpenIG now sends the response to the client (which happens to be user profile)
Now sit back and enjoy the video: